squid does not need clustering, why over complicate things? for a resilient web proxy, just use a proxy.pac script on the client, and the browser itself will try multiple servers to find a functional connection. One step further is to hash the url being requested, get the modulus 2 value of the hash and use that to really simply load balance the two servers with zero additional config on the two servers. this will give you THE best performance and cache hit ratios you could ever logically recieve, as you can provide 100% predictable usage of specific proxies when all servers are functional, with automatic failover if it goes tits up.
I certainly can see no good reason why you want to nat outbound traffic to the clustered address, just permit both local machine addresses outbound access. And forcing a snat outside of the realms of the RHCS config will surely lead to a whole heap of problems. How can the other machine legitimately use that IP if other traffic leaving the first system is also being snatted to the IP? Arp tables and such will get in a right state I'd bet, especially as your SNAT covers ALL traffic leaving eth0. Does that traffic include cluster data? Even worse if so.
|